Linux (advanced)

Senior Linux person wanted for my OpenVPN problem

Forums

Greetings

I ran into a rather confusing problem while setting up OpenVPN.

The situation itself is simple. I rent a VPS and I want to install a properly working OpenVPN on it. The VPN installation itself is no problem, only the connection that follows it.

After grep ovpn-server /var/log/syslog the log is printed, and at the end there is the desired "Initialization Sequence Completed". I should note, though, that I am a beginner in this area, so there may still be a mistake here as well.

Feb 18 11:04:57 ********* ovpn-server[2005]: Initialization Sequence Completed

My problem arises when I try to connect to the VPN with a client. On every OS the client mumbles the same error, for which Google gave no answer either (from which it follows that it cannot be a simple problem, although perhaps precisely because of that it could be totally simple), which is the following:

Tue Feb 18 10:51:33 2014 us=407047 UDPv4 WRITE [14] to [AF_INET]**.***.249.104:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=5da965bb ef87fff9 [ ] pid=0 DATA
Tue Feb 18 10:51:33 2014 us=407047 UDPv4 write returned 14

I would like to build a completely plain, simple VPN. Every log can be found in detail below. Seriously, nobody has been able to give me a sensible solution so far; I hope luck finds me here. Thanks in advance for reading it through!

The following have been enabled:

• net.ipv4.conf.default.rp_filter=1
• net.ipv4.conf.all.rp_filter=1
• net.ipv4.tcp_syncookies=1

Open ports:

root@*********:/home/********# netstat -nlptu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 842/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1035/cupsd
tcp6 0 0 :::22 :::* LISTEN 842/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1035/cupsd
udp 0 0 0.0.0.0:45966 0.0.0.0:* 1069/avahi-daemon:
udp 0 0 0.0.0.0:1194 0.0.0.0:* 2005/openvpn
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1069/avahi-daemon:
udp6 0 0 :::44649 :::* 1069/avahi-daemon:
udp6 0 0 :::5353 :::* 1069/avahi-daemon:

My server config:

port 1194
proto udp
dev tun0

ca /etc/openvpn/CA/keys/ca.crt
cert /etc/openvpn/CA/keys/vpnserver.crt
key /etc/openvpn/CA/keys/vpnserver.key
dh /etc/openvpn/CA/keys/dh2048.pem

server 172.16.200.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/server.ipp

keepalive 10 120
comp-lzo
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 172.16.200.1"
user nobody
group nogroup
persist-key
persist-tun
status /etc/openvpn/server.status 5
status-version 2

verb 6
mute 20

My client config:

client
dev tun0

remote **.***.249.104 1194

proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 felhasznalo.p12
ns-cert-type server
comp-lzo
verb 9

My current firewall settings:
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT [20:1338]
-A POSTROUTING -s 172.16.200.0/24 -j SNAT --to-source **.***.249.104
COMMIT

*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.16.200.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o tun0 -j ACCEPT

The full OpenVPN syslog:
Feb 18 11:04:57 ********* ovpn-server[2000]: Current Parameter Settings:
Feb 18 11:04:57 ********* ovpn-server[2000]: config = '/etc/openvpn/server.conf'
Feb 18 11:04:57 ********* ovpn-server[2000]: mode = 1
Feb 18 11:04:57 ********* ovpn-server[2000]: persist_config = DISABLED
Feb 18 11:04:57 ********* ovpn-server[2000]: persist_mode = 1
Feb 18 11:04:57 ********* ovpn-server[2000]: show_ciphers = DISABLED
Feb 18 11:04:57 ********* ovpn-server[2000]: show_digests = DISABLED
Feb 18 11:04:57 ********* ovpn-server[2000]: show_engines = DISABLED
Feb 18 11:04:57 ********* ovpn-server[2000]: genkey = DISABLED
Feb 18 11:04:57 ********* ovpn-server[2000]: key_pass_file = '[UNDEF]'
Feb 18 11:04:57 ********* ovpn-server[2000]: show_tls_ciphers = DISABLED
Feb 18 11:04:57 ********* ovpn-server[2000]: Connection profiles [default]:
Feb 18 11:04:57 ********* ovpn-server[2000]: proto = udp
Feb 18 11:04:57 ********* ovpn-server[2000]: local = '[UNDEF]'
Feb 18 11:04:57 ********* ovpn-server[2000]: local_port = 1194
Feb 18 11:04:57 ********* ovpn-server[2000]: remote = '[UNDEF]'
Feb 18 11:04:57 ********* ovpn-server[2000]: remote_port = 1194
Feb 18 11:04:57 ********* ovpn-server[2000]: remote_float = DISABLED
Feb 18 11:04:57 ********* ovpn-server[2000]: bind_defined = DISABLED
Feb 18 11:04:57 ********* ovpn-server[2000]: bind_local = ENABLED
Feb 18 11:04:57 ********* ovpn-server[2000]: NOTE: --mute triggered...
Feb 18 11:04:57 ********* ovpn-server[2000]: 260 variation(s) on previous 20 message(s) suppressed by --mute
Feb 18 11:04:57 ********* ovpn-server[2000]: OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 27 2013
Feb 18 11:04:57 ********* ovpn-server[2000]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 18 11:04:57 ********* ovpn-server[2000]: Diffie-Hellman initialized with 2048 bit key
Feb 18 11:04:57 ********* ovpn-server[2000]: TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Feb 18 11:04:57 ********* ovpn-server[2000]: Socket Buffers: R=[212992->131072] S=[212992->131072]
Feb 18 11:04:57 ********* ovpn-server[2000]: ROUTE default_gateway=**.**.249.1
Feb 18 11:04:57 ********* ovpn-server[2000]: TUN/TAP device tun0 opened
Feb 18 11:04:57 ********* ovpn-server[2000]: TUN/TAP TX queue length set to 100
Feb 18 11:04:57 ********* ovpn-server[2000]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Feb 18 11:04:57 ********* ovpn-server[2000]: /sbin/ifconfig tun0 172.16.200.1 pointopoint 172.16.200.2 mtu 1500
Feb 18 11:04:57 ********* ovpn-server[2000]: /sbin/route add -net 172.16.200.0 netmask 255.255.255.0 gw 172.16.200.2
Feb 18 11:04:57 ********* ovpn-server[2000]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Feb 18 11:04:57 ********* ovpn-server[2005]: GID set to nogroup
Feb 18 11:04:57 ********* ovpn-server[2005]: UID set to nobody
Feb 18 11:04:57 ********* ovpn-server[2005]: UDPv4 link local (bound): [undef]
Feb 18 11:04:57 ********* ovpn-server[2005]: UDPv4 link remote: [undef]
Feb 18 11:04:57 ********* ovpn-server[2005]: MULTI: multi_init called, r=256 v=256
Feb 18 11:04:57 ********* ovpn-server[2005]: IFCONFIG POOL: base=172.16.200.4 size=62, ipv6=0
Feb 18 11:04:57 ********* ovpn-server[2005]: IFCONFIG POOL LIST

The full client verb 9 log:
Tue Feb 18 10:51:30 2014 us=299960 Current Parameter Settings:
Tue Feb 18 10:51:30 2014 us=299960 config = 'client.ovpn'
Tue Feb 18 10:51:30 2014 us=299960 mode = 0
Tue Feb 18 10:51:30 2014 us=299960 show_ciphers = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 show_digests = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 show_engines = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 genkey = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 key_pass_file = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 show_tls_ciphers = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 Connection profiles [default]:
Tue Feb 18 10:51:30 2014 us=299960 proto = udp
Tue Feb 18 10:51:30 2014 us=299960 local = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 local_port = 1194
Tue Feb 18 10:51:30 2014 us=299960 remote = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 remote_port = 1194
Tue Feb 18 10:51:30 2014 us=299960 remote_float = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 bind_defined = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 bind_local = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 connect_retry_seconds = 5
Tue Feb 18 10:51:30 2014 us=299960 connect_timeout = 10
Tue Feb 18 10:51:30 2014 us=299960 connect_retry_max = 0
Tue Feb 18 10:51:30 2014 us=299960 socks_proxy_server = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 socks_proxy_port = 0
Tue Feb 18 10:51:30 2014 us=299960 socks_proxy_retry = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 tun_mtu = 1500
Tue Feb 18 10:51:30 2014 us=299960 tun_mtu_defined = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 link_mtu = 1500
Tue Feb 18 10:51:30 2014 us=299960 link_mtu_defined = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 tun_mtu_extra = 0
Tue Feb 18 10:51:30 2014 us=299960 tun_mtu_extra_defined = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 mtu_discover_type = -1
Tue Feb 18 10:51:30 2014 us=299960 fragment = 0
Tue Feb 18 10:51:30 2014 us=299960 mssfix = 1450
Tue Feb 18 10:51:30 2014 us=299960 explicit_exit_notification = 0
Tue Feb 18 10:51:30 2014 us=299960 Connection profiles [0]:
Tue Feb 18 10:51:30 2014 us=299960 proto = udp
Tue Feb 18 10:51:30 2014 us=299960 local = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 local_port = 1194
Tue Feb 18 10:51:30 2014 us=299960 remote = '**.**.249.104'
Tue Feb 18 10:51:30 2014 us=299960 remote_port = 1194
Tue Feb 18 10:51:30 2014 us=299960 remote_float = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 bind_defined = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 bind_local = ENABLED
Tue Feb 18 10:51:30 2014 us=299960 connect_retry_seconds = 5
Tue Feb 18 10:51:30 2014 us=299960 connect_timeout = 10
Tue Feb 18 10:51:30 2014 us=299960 connect_retry_max = 0
Tue Feb 18 10:51:30 2014 us=299960 socks_proxy_server = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 socks_proxy_port = 0
Tue Feb 18 10:51:30 2014 us=299960 socks_proxy_retry = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 tun_mtu = 1500
Tue Feb 18 10:51:30 2014 us=299960 tun_mtu_defined = ENABLED
Tue Feb 18 10:51:30 2014 us=299960 link_mtu = 1500
Tue Feb 18 10:51:30 2014 us=299960 link_mtu_defined = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 tun_mtu_extra = 0
Tue Feb 18 10:51:30 2014 us=299960 tun_mtu_extra_defined = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 mtu_discover_type = -1
Tue Feb 18 10:51:30 2014 us=299960 fragment = 0
Tue Feb 18 10:51:30 2014 us=299960 mssfix = 1450
Tue Feb 18 10:51:30 2014 us=299960 explicit_exit_notification = 0
Tue Feb 18 10:51:30 2014 us=299960 Connection profiles END
Tue Feb 18 10:51:30 2014 us=299960 remote_random = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 ipchange = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 dev = 'tun0'
Tue Feb 18 10:51:30 2014 us=299960 dev_type = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 dev_node = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 lladdr = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 topology = 1
Tue Feb 18 10:51:30 2014 us=299960 tun_ipv6 = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 ifconfig_local = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 ifconfig_remote_netmask = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 ifconfig_noexec = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 ifconfig_nowarn = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 ifconfig_ipv6_local = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 ifconfig_ipv6_netbits = 0
Tue Feb 18 10:51:30 2014 us=299960 ifconfig_ipv6_remote = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 shaper = 0
Tue Feb 18 10:51:30 2014 us=299960 mtu_test = 0
Tue Feb 18 10:51:30 2014 us=299960 mlock = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 keepalive_ping = 0
Tue Feb 18 10:51:30 2014 us=299960 keepalive_timeout = 0
Tue Feb 18 10:51:30 2014 us=299960 inactivity_timeout = 0
Tue Feb 18 10:51:30 2014 us=299960 ping_send_timeout = 0
Tue Feb 18 10:51:30 2014 us=299960 ping_rec_timeout = 0
Tue Feb 18 10:51:30 2014 us=299960 ping_rec_timeout_action = 0
Tue Feb 18 10:51:30 2014 us=299960 ping_timer_remote = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 remap_sigusr1 = 0
Tue Feb 18 10:51:30 2014 us=299960 persist_tun = ENABLED
Tue Feb 18 10:51:30 2014 us=299960 persist_local_ip = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 persist_remote_ip = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 persist_key = ENABLED
Tue Feb 18 10:51:30 2014 us=299960 passtos = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 resolve_retry_seconds = 1000000000
Tue Feb 18 10:51:30 2014 us=299960 username = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 groupname = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 chroot_dir = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 cd_dir = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 writepid = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 up_script = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 down_script = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 down_pre = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 up_restart = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 up_delay = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 daemon = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 inetd = 0
Tue Feb 18 10:51:30 2014 us=299960 log = ENABLED
Tue Feb 18 10:51:30 2014 us=299960 suppress_timestamps = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 nice = 0
Tue Feb 18 10:51:30 2014 us=299960 verbosity = 9
Tue Feb 18 10:51:30 2014 us=299960 mute = 0
Tue Feb 18 10:51:30 2014 us=299960 status_file = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 status_file_version = 1
Tue Feb 18 10:51:30 2014 us=299960 status_file_update_freq = 60
Tue Feb 18 10:51:30 2014 us=299960 occ = ENABLED
Tue Feb 18 10:51:30 2014 us=299960 rcvbuf = 0
Tue Feb 18 10:51:30 2014 us=299960 sndbuf = 0
Tue Feb 18 10:51:30 2014 us=299960 sockflags = 0
Tue Feb 18 10:51:30 2014 us=299960 fast_io = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 lzo = 7
Tue Feb 18 10:51:30 2014 us=299960 route_script = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 route_default_gateway = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 route_default_metric = 0
Tue Feb 18 10:51:30 2014 us=299960 route_noexec = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 route_delay = 5
Tue Feb 18 10:51:30 2014 us=299960 route_delay_window = 30
Tue Feb 18 10:51:30 2014 us=299960 route_delay_defined = ENABLED
Tue Feb 18 10:51:30 2014 us=299960 route_nopull = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 route_gateway_via_dhcp = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 max_routes = 100
Tue Feb 18 10:51:30 2014 us=299960 allow_pull_fqdn = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 management_addr = '127.0.0.1'
Tue Feb 18 10:51:30 2014 us=299960 management_port = 25340
Tue Feb 18 10:51:30 2014 us=299960 management_user_pass = 'stdin'
Tue Feb 18 10:51:30 2014 us=299960 management_log_history_cache = 250
Tue Feb 18 10:51:30 2014 us=299960 management_echo_buffer_size = 100
Tue Feb 18 10:51:30 2014 us=299960 management_write_peer_info_file = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 management_client_user = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 management_client_group = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 management_flags = 6
Tue Feb 18 10:51:30 2014 us=299960 shared_secret_file = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 key_direction = 0
Tue Feb 18 10:51:30 2014 us=299960 ciphername_defined = ENABLED
Tue Feb 18 10:51:30 2014 us=299960 ciphername = 'BF-CBC'
Tue Feb 18 10:51:30 2014 us=299960 authname_defined = ENABLED
Tue Feb 18 10:51:30 2014 us=299960 authname = 'SHA1'
Tue Feb 18 10:51:30 2014 us=299960 prng_hash = 'SHA1'
Tue Feb 18 10:51:30 2014 us=299960 prng_nonce_secret_len = 16
Tue Feb 18 10:51:30 2014 us=299960 keysize = 0
Tue Feb 18 10:51:30 2014 us=299960 engine = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 replay = ENABLED
Tue Feb 18 10:51:30 2014 us=299960 mute_replay_warnings = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 replay_window = 64
Tue Feb 18 10:51:30 2014 us=299960 replay_time = 15
Tue Feb 18 10:51:30 2014 us=299960 packet_id_file = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 use_iv = ENABLED
Tue Feb 18 10:51:30 2014 us=299960 test_crypto = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 tls_server = DISABLED
Tue Feb 18 10:51:30 2014 us=299960 tls_client = ENABLED
Tue Feb 18 10:51:30 2014 us=299960 key_method = 2
Tue Feb 18 10:51:30 2014 us=299960 ca_file = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 ca_path = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=299960 dh_file = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=300961 cert_file = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=300961 priv_key_file = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=300961 pkcs12_file = 'felhasznalo.p12'
Tue Feb 18 10:51:30 2014 us=300961 cryptoapi_cert = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=300961 cipher_list = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=300961 tls_verify = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=300961 tls_export_cert = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=300961 verify_x509_type = 0
Tue Feb 18 10:51:30 2014 us=300961 verify_x509_name = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=300961 crl_file = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=300961 ns_cert_type = 1
Tue Feb 18 10:51:30 2014 us=300961 remote_cert_ku[i] = 0
Tue Feb 18 10:51:30 2014 us=300961 remote_cert_ku[i] = 0
Tue Feb 18 10:51:30 2014 us=300961 remote_cert_eku = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=300961 ssl_flags = 0
Tue Feb 18 10:51:30 2014 us=300961 tls_timeout = 2
Tue Feb 18 10:51:30 2014 us=300961 renegotiate_bytes = 0
Tue Feb 18 10:51:30 2014 us=300961 renegotiate_packets = 0
Tue Feb 18 10:51:30 2014 us=300961 renegotiate_seconds = 3600
Tue Feb 18 10:51:30 2014 us=300961 handshake_window = 60
Tue Feb 18 10:51:30 2014 us=300961 transition_window = 3600
Tue Feb 18 10:51:30 2014 us=300961 single_session = DISABLED
Tue Feb 18 10:51:30 2014 us=300961 push_peer_info = DISABLED
Tue Feb 18 10:51:30 2014 us=300961 tls_exit = DISABLED
Tue Feb 18 10:51:30 2014 us=300961 tls_auth_file = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=300961 pkcs11_protected_authentication = DISABLED
Tue Feb 18 10:51:30 2014 us=300961 pkcs11_protected_authentication = DISABLED
Tue Feb 18 10:51:30 2014 us=300961 pkcs11_private_mode = 00000000
Tue Feb 18 10:51:30 2014 us=300961 pkcs11_cert_private = DISABLED
Tue Feb 18 10:51:30 2014 us=300961 pkcs11_pin_cache_period = -1
Tue Feb 18 10:51:30 2014 us=300961 pkcs11_id = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=300961 pkcs11_id_management = DISABLED
Tue Feb 18 10:51:30 2014 us=300961 server_network = 0.0.0.0
Tue Feb 18 10:51:30 2014 us=300961 server_netmask = 0.0.0.0
Tue Feb 18 10:51:30 2014 us=301961 server_network_ipv6 = ::
Tue Feb 18 10:51:30 2014 us=301961 server_netbits_ipv6 = 0
Tue Feb 18 10:51:30 2014 us=301961 server_bridge_ip = 0.0.0.0
Tue Feb 18 10:51:30 2014 us=301961 server_bridge_netmask = 0.0.0.0
Tue Feb 18 10:51:30 2014 us=301961 server_bridge_pool_start = 0.0.0.0
Tue Feb 18 10:51:30 2014 us=301961 server_bridge_pool_end = 0.0.0.0
Tue Feb 18 10:51:30 2014 us=301961 ifconfig_pool_defined = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 ifconfig_pool_start = 0.0.0.0
Tue Feb 18 10:51:30 2014 us=301961 ifconfig_pool_end = 0.0.0.0
Tue Feb 18 10:51:30 2014 us=301961 ifconfig_pool_netmask = 0.0.0.0
Tue Feb 18 10:51:30 2014 us=301961 ifconfig_pool_persist_filename = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=301961 ifconfig_pool_persist_refresh_freq = 600
Tue Feb 18 10:51:30 2014 us=301961 ifconfig_ipv6_pool_defined = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 ifconfig_ipv6_pool_base = ::
Tue Feb 18 10:51:30 2014 us=301961 ifconfig_ipv6_pool_netbits = 0
Tue Feb 18 10:51:30 2014 us=301961 n_bcast_buf = 256
Tue Feb 18 10:51:30 2014 us=301961 tcp_queue_limit = 64
Tue Feb 18 10:51:30 2014 us=301961 real_hash_size = 256
Tue Feb 18 10:51:30 2014 us=301961 virtual_hash_size = 256
Tue Feb 18 10:51:30 2014 us=301961 client_connect_script = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=301961 learn_address_script = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=301961 client_disconnect_script = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=301961 client_config_dir = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=301961 ccd_exclusive = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 tmp_dir = 'C:\Users\*****\AppData\Local\Temp\'
Tue Feb 18 10:51:30 2014 us=301961 push_ifconfig_defined = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 push_ifconfig_local = 0.0.0.0
Tue Feb 18 10:51:30 2014 us=301961 push_ifconfig_remote_netmask = 0.0.0.0
Tue Feb 18 10:51:30 2014 us=301961 push_ifconfig_ipv6_defined = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 push_ifconfig_ipv6_local = ::/0
Tue Feb 18 10:51:30 2014 us=301961 push_ifconfig_ipv6_remote = ::
Tue Feb 18 10:51:30 2014 us=301961 enable_c2c = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 duplicate_cn = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 cf_max = 0
Tue Feb 18 10:51:30 2014 us=301961 cf_per = 0
Tue Feb 18 10:51:30 2014 us=301961 max_clients = 1024
Tue Feb 18 10:51:30 2014 us=301961 max_routes_per_client = 256
Tue Feb 18 10:51:30 2014 us=301961 auth_user_pass_verify_script = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=301961 auth_user_pass_verify_script_via_file = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 client = ENABLED
Tue Feb 18 10:51:30 2014 us=301961 pull = ENABLED
Tue Feb 18 10:51:30 2014 us=301961 auth_user_pass_file = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=301961 show_net_up = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 route_method = 0
Tue Feb 18 10:51:30 2014 us=301961 ip_win32_defined = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 ip_win32_type = 3
Tue Feb 18 10:51:30 2014 us=301961 dhcp_masq_offset = 0
Tue Feb 18 10:51:30 2014 us=301961 dhcp_lease_time = 31536000
Tue Feb 18 10:51:30 2014 us=301961 tap_sleep = 0
Tue Feb 18 10:51:30 2014 us=301961 dhcp_options = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 dhcp_renew = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 dhcp_pre_release = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 dhcp_release = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 domain = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=301961 netbios_scope = '[UNDEF]'
Tue Feb 18 10:51:30 2014 us=301961 netbios_node_type = 0
Tue Feb 18 10:51:30 2014 us=301961 disable_nbt = DISABLED
Tue Feb 18 10:51:30 2014 us=301961 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Enter Management Password:
Tue Feb 18 10:51:30 2014 us=301961 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Feb 18 10:51:30 2014 us=301961 Need hold release from management interface, waiting...
Tue Feb 18 10:51:30 2014 us=791313 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Feb 18 10:51:30 2014 us=893114 MANAGEMENT: CMD 'state on'
Tue Feb 18 10:51:30 2014 us=893114 MANAGEMENT: CMD 'log all on'
Tue Feb 18 10:51:30 2014 us=946036 MANAGEMENT: CMD 'hold off'
Tue Feb 18 10:51:30 2014 us=946036 MANAGEMENT: CMD 'hold release'
Tue Feb 18 10:51:31 2014 us=21258 LZO compression initialized
Tue Feb 18 10:51:31 2014 us=21258 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Feb 18 10:51:31 2014 us=22259 Socket Buffers: R=[65536->65536] S=[32768->32768]
Tue Feb 18 10:51:31 2014 us=22259 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Feb 18 10:51:31 2014 us=22259 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Feb 18 10:51:31 2014 us=22259 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Feb 18 10:51:31 2014 us=22259 Local Options hash (VER=V4): '41690919'
Tue Feb 18 10:51:31 2014 us=22259 Expected Remote Options hash (VER=V4): '530fdded'
Tue Feb 18 10:51:31 2014 us=22259 UDPv4 link local (bound): [undef]
Tue Feb 18 10:51:31 2014 us=22259 UDPv4 link remote: [AF_INET]**.**.249.104:1194
Tue Feb 18 10:51:31 2014 us=22259 MANAGEMENT: >STATE:1392717091,WAIT,,,
Tue Feb 18 10:51:31 2014 us=22259 event_wait returned 2
Tue Feb 18 10:51:31 2014 us=22259 UDPv4 WRITE [14] to [AF_INET]**.**.249.104:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=5da965bb ef87fff9 [ ] pid=0 DATA
Tue Feb 18 10:51:31 2014 us=22259 UDPv4 write returned 14
Tue Feb 18 10:51:31 2014 us=22259 event_wait returned 1
Tue Feb 18 10:51:32 2014 us=215039 event_wait returned 0
Tue Feb 18 10:51:32 2014 us=215039 event_wait returned 1
Tue Feb 18 10:51:33 2014 us=407047 event_wait returned 0
Tue Feb 18 10:51:33 2014 us=407047 event_wait returned 2
Tue Feb 18 10:51:33 2014 us=407047 UDPv4 WRITE [14] to [AF_INET]**.**.249.104:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=5da965bb ef87fff9 [ ] pid=0 DATA
Tue Feb 18 10:51:33 2014 us=407047 UDPv4 write returned 14
Tue Feb 18 10:51:33 2014 us=407047 event_wait returned 1
Tue Feb 18 10:51:34 2014 us=599432 event_wait returned 0
Tue Feb 18 10:51:34 2014 us=599432 event_wait returned 1
Tue Feb 18 10:51:35 2014 us=791740 event_wait returned 0
Tue Feb 18 10:51:35 2014 us=791740 event_wait returned 1
Tue Feb 18 10:51:36 2014 us=983746 event_wait returned 0
Tue Feb 18 10:51:36 2014 us=983746 event_wait returned 1
Tue Feb 18 10:51:38 2014 us=143550 event_wait returned 1
Tue Feb 18 10:51:38 2014 us=144551 TCP/UDP: Closing socket
Tue Feb 18 10:51:38 2014 us=144551 SIGTERM[hard,] received, process exiting
Tue Feb 18 10:51:38 2014 us=144551 MANAGEMENT: >STATE:1392717098,EXITING,SIGTERM,,
Tue Feb 18 10:51:38 2014 us=144551 PKCS#11: pkcs11h_terminate entry
Tue Feb 18 10:51:38 2014 us=144551 PKCS#11: Removing providers
Tue Feb 18 10:51:38 2014 us=144551 PKCS#11: Releasing sessions
Tue Feb 18 10:51:38 2014 us=144551 PKCS#11: Terminating slotevent
Tue Feb 18 10:51:38 2014 us=144551 PKCS#11: _pkcs11h_slotevent_terminate entry
Tue Feb 18 10:51:38 2014 us=144551 PKCS#11: _pkcs11h_slotevent_terminate return
Tue Feb 18 10:51:38 2014 us=144551 PKCS#11: Marking as uninitialized
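Two triage helpers for the log and firewall dump above, added here as an example rather than anything from the original post: the first reads the client's verb-9 log and reports whether the server ever answered the control-channel hard reset, the second scans the iptables-restore dump for rules that sit behind a catch-all REJECT and can never match. The sample data is a constructed copy of what the post quotes, with addresses masked as they are there.

```python
"""Triage helpers for an OpenVPN client verb-9 log and an iptables-restore dump.

Written as an added example for the thread above, not the poster's code.
"""
import re
from collections import Counter

# Constructed excerpt of the client log quoted in the thread.
CLIENT_LOG = """\
Tue Feb 18 10:51:31 2014 us=22259 UDPv4 link remote: [AF_INET]**.**.249.104:1194
Tue Feb 18 10:51:31 2014 us=22259 UDPv4 WRITE [14] to [AF_INET]**.**.249.104:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=5da965bb ef87fff9 [ ] pid=0 DATA
Tue Feb 18 10:51:31 2014 us=22259 UDPv4 write returned 14
Tue Feb 18 10:51:33 2014 us=407047 UDPv4 WRITE [14] to [AF_INET]**.**.249.104:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=5da965bb ef87fff9 [ ] pid=0 DATA
Tue Feb 18 10:51:33 2014 us=407047 UDPv4 write returned 14
Tue Feb 18 10:51:38 2014 us=144551 SIGTERM[hard,] received, process exiting
"""

# Constructed copy of the *filter section of the thread's firewall dump.
FILTER_RULES = """\
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.16.200.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o tun0 -j ACCEPT
COMMIT
"""

# Per-packet lines OpenVPN prints for the control channel at verb >= 6.
PACKET_RE = re.compile(r"UDPv4 (WRITE|READ) \[(\d+)\] (?:to|from) (\S+): (P_\w+)")


def handshake_summary(log_text):
    """Count control-channel packets by direction and opcode.

    Returns {'sent': Counter, 'received': Counter, 'verdict': str}. The
    verdict only states which side went quiet; it does not guess why.
    """
    sent, received = Counter(), Counter()
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        if not m:
            continue
        direction, _size, _peer, opcode = m.groups()
        (sent if direction == "WRITE" else received)[opcode] += 1
    if not sent:
        verdict = "client sent no control packets"
    elif not received:
        verdict = ("no server reply: the client's hard reset was never answered, "
                   "so either the UDP packet or the server's answer is being lost")
    else:
        verdict = "server answered; look at the TLS stage for the failure"
    return {"sent": sent, "received": received, "verdict": verdict}


TERMINAL_TARGETS = {"ACCEPT", "DROP", "REJECT"}


def shadowed_rules(rules_text):
    """Return iptables-restore rules that follow a catch-all terminal rule in
    the same chain (a rule with no match criteria and ACCEPT/DROP/REJECT),
    because no packet can ever reach them."""
    shadowed = []
    catch_all_chains = set()
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue
        tokens = line.split()
        chain = tokens[1]
        target = tokens[tokens.index("-j") + 1]
        if chain in catch_all_chains:
            shadowed.append(line)
        elif tokens[2] == "-j" and target in TERMINAL_TARGETS:
            catch_all_chains.add(chain)
    return shadowed


if __name__ == "__main__":
    summary = handshake_summary(CLIENT_LOG)
    print("sent:", dict(summary["sent"]))
    print("received:", dict(summary["received"]))
    print("verdict:", summary["verdict"])
    for rule in shadowed_rules(FILTER_RULES):
        print("unreachable rule:", rule)
```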

VPN routing/NAT problem

Hi all, I have been struggling with the following problem for several weeks now and somehow I can't figure out where I'm going wrong. There is a router whose network is 192.168.0.0/24; behind it there is another router whose network is 192.168.1.0/24, and port 1194 tcp/udp is forwarded. The VPN connection comes up without any trouble, but I can't ping at all, neither the client from the server nor the other way round. It has the following config:

SERVER
port 1194
proto udp
dev tun1
server 10.0.0.0 255.255.255.0
cipher AES-128-CBC
user nobody
group nogroup
verb 2
mute 20
max-clients 100
management 127.0.0.1 8876
keepalive 10 120
client-to-client
persist-key
persist-tun
ccd-exclusive

CLIENT
client
proto udp
dev tun
ca ca.crt
dh dh2048.pem
remote server.dyndns.org 1194
cipher AES-128-CBC
user nobody
group nogroup
verb 2
mute 20
keepalive 10 120
persist-key
persist-tun
float
resolv-retry infinite
nobind
##################
root@server:~# iptables -t filter -L -v -n
Chain INPUT (policy ACCEPT 4839 packets, 3874K bytes)
pkts bytes target prot opt in out source destination
81 5061 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
37 3046 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
61 7442 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
48 3056 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
26 2424 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
19 4200 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
0 0 ACCEPT all -- tun1 * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- br0 tun1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun1 br0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 5012 packets, 3551K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * tun1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
####################
root@server:~# iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 490 packets, 199K bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 22 packets, 3314 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 595 packets, 41359 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 595 packets, 41359 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * br0 10.0.0.0/24 0.0.0.0/0
###################
root@server:~# iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 11032 packets, 9207K bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 10548 packets, 9003K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 10452 packets, 8629K bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 10549 packets, 8639K bytes)
pkts bytes target prot opt in out source destination
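A counter check for the `iptables -L -v -n` output above, added as an example and not the poster's code: it parses the listing and reports every tun1 and port-1194 rule that has never matched a packet, which is the first thing to look at when a tunnel is up but nothing crosses it. The table is a constructed excerpt of the one in the post.

```python
"""Parse `iptables -L -v -n` output and list rules that never matched a packet.

Added example for the thread above, not the poster's code.
"""
import re

# Constructed excerpt of the filter table quoted in the thread.
IPTABLES_LV = """\
Chain INPUT (policy ACCEPT 4839 packets, 3874K bytes)
 pkts bytes target     prot opt in     out     source               destination
   81  5061 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
   61  7442 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194
    0     0 ACCEPT     all  --  tun1   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  br0    tun1    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  tun1   br0     0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 5012 packets, 3551K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      tun1    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+) packets, (\S+) bytes\)")


def parse_iptables_lv(text):
    """Return {chain: {'policy': str, 'policy_pkts': int, 'rules': [dict]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = {"policy": m.group(2), "policy_pkts": int(m.group(3)), "rules": []}
            chains[m.group(1)] = current
            continue
        if current is None or not line.strip() or line.lstrip().startswith("pkts"):
            continue
        fields = line.split(None, 9)   # the 10th field keeps the match text intact
        if len(fields) < 9:
            continue
        current["rules"].append({
            "pkts": int(fields[0]), "bytes": fields[1], "target": fields[2],
            "prot": fields[3], "in": fields[5], "out": fields[6],
            "src": fields[7], "dst": fields[8],
            "match": fields[9] if len(fields) > 9 else "",
        })
    return chains


def idle_rules(chains, needle):
    """Rules whose in/out interface or match text contains `needle` and whose
    packet counter is still zero. Whether that means the traffic never
    traversed this host or the counters were zeroed later is for the reader
    to decide; the check only narrows it down."""
    found = []
    for name, chain in chains.items():
        for rule in chain["rules"]:
            mentions = needle in (rule["in"], rule["out"]) or needle in rule["match"]
            if mentions and rule["pkts"] == 0:
                found.append((name, rule["target"], rule["in"], rule["out"], rule["match"]))
    return found


if __name__ == "__main__":
    table = parse_iptables_lv(IPTABLES_LV)
    for entry in idle_rules(table, "tun1") + idle_rules(table, "dpt:1194"):
        print("never matched:", entry)
```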

Active Directory DNS setup

Hi all, I ran into the following problem. There is a Debian server running KVM with BIND/DHCP; on that server two Zentyal servers with AD are virtualized, one in the master role and the other as slave. The problem starts when I want to join a Windows 7 client to the domain: it can only join if I switch off the DNS server on the base server, and then it can authenticate against the Zentyal master server. Does anyone have an idea what should be configured?

SMTP Postfix SASL auth question

Hi all! I'd like a little help regarding SMTP auth.
I'm building my own SMTP server for sending mail so that I don't have to use my provider's.
What I want to achieve is that it only accepts mail from my own network, authenticates with user/password, and then sends it out directly to the internet (rather than to another SMTP server).

Where I'm stuck now:
- Postfix and saslauthd are running
- Tested over a telnet connection, auth is fine.
- if I specify a network other than mine in Postfix, it drops the mail, as it should...
- from a mail client, if I set that the outgoing server requires authentication and enter the user/password pair there, it authenticates fine and sends; if I enter wrong credentials it drops the mail, as I expect.

THE PROBLEM is that if I do NOT tell the mail client to authenticate to the outgoing mail server, it simply sends the mail anyway!?!?
Anyone have an idea?

Debian + Postfix + saslauthd with the following details:
*****************************************
Relevant lines of Postfix main.cf:

relayhost =
mynetworks = 192.168.0.0/24

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains

*****************************************
Contents of /etc/postfix/sasl/smtpd.conf:

saslauthd_path: /var/run/saslauthd/mux
pwcheck_method: saslauthd
mech_list: plain login

*****************************************
Relevant lines of /etc/default/saslauthd:
MECHANISMS="pam"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

*****************************************
Contents of /etc/pam.d/smtp:

@include common-auth
@include common-account
@include common-password
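A small model of how Postfix walks `smtpd_recipient_restrictions`, added as an example and not code from the post: it evaluates the post's restriction list left to right, stopping at the first PERMIT or REJECT, and shows what a LAN client without SMTP AUTH gets under the post's `mynetworks` and under a loopback-only `mynetworks`. It assumes `check_relay_domains` behaves like its replacement `reject_unauth_destination`; addresses and domains are constructed.

```python
"""Model of Postfix's left-to-right evaluation of smtpd_recipient_restrictions.

Added example for the thread above, not the poster's code. Assumption: the
deprecated check_relay_domains is modelled like reject_unauth_destination,
which rejects relaying to foreign domains and otherwise makes no decision.
"""
import ipaddress

# The restriction list from the thread's main.cf.
THREAD_RESTRICTIONS = ["permit_sasl_authenticated", "permit_mynetworks", "check_relay_domains"]


def in_mynetworks(client_ip, mynetworks):
    """True when the client address falls inside any mynetworks entry."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net, strict=False) for net in mynetworks)


def evaluate(restrictions, client_ip, sasl_authenticated, rcpt_domain,
             mynetworks, mydestination=(), relay_domains=()):
    """Return the decision Postfix would reach for one RCPT TO command."""
    authorized_destination = rcpt_domain in mydestination or rcpt_domain in relay_domains
    for restriction in restrictions:
        if restriction == "permit_sasl_authenticated":
            if sasl_authenticated:
                return "PERMIT permit_sasl_authenticated"
        elif restriction == "permit_mynetworks":
            if in_mynetworks(client_ip, mynetworks):
                return "PERMIT permit_mynetworks"
        elif restriction in ("check_relay_domains", "reject_unauth_destination"):
            if not authorized_destination:
                return "REJECT Relay access denied"
        else:
            raise ValueError("restriction not modelled: " + restriction)
    return "PERMIT end of list"   # Postfix permits when nothing in the list decided


def lan_client_without_auth(mynetworks):
    """The thread's scenario: LAN mail client, no SMTP AUTH, external recipient.
    Client address and domains are constructed test values."""
    return evaluate(THREAD_RESTRICTIONS, client_ip="192.168.0.23",
                    sasl_authenticated=False, rcpt_domain="example.net",
                    mynetworks=mynetworks, mydestination=("mail.example.org",))


if __name__ == "__main__":
    print("mynetworks = 192.168.0.0/24 :", lan_client_without_auth(["192.168.0.0/24"]))
    print("mynetworks = 127.0.0.0/8    :", lan_client_without_auth(["127.0.0.0/8"]))
```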

fail2ban failregex w00tw00t

Hi!

I'd like to configure fail2ban so that "w00tw00t"-type scans get banned. (It always complains about HOST, that it has to be in there.)

failregex = ^\[\] *w00tw00t\.at\.ISC\.SANS\.DFind.*

If I request e.g. "http://server.tld/w00tw00t.at.ISC.SANS.DFind.test0" from a browser as a test, it does show up in the access log, but fail2ban doesn't carry out the ban:

IP_ADDRESS - - [14/Feb/2014:11:18:43 +0100] "GET /w00tw00t.at.ISC.SANS.DFind.test0 HTTP/1.1" 404 20621

The "failregex" isn't right. But how should I specify it?
(I know I should dig a bit deeper into regexps.)
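A test harness for the failregex above, added as an example and not from the post: it expands `<HOST>` the way fail2ban 0.8 does and cuts the timestamp out of the line before matching, as that version does, then runs both the post's pattern and an access-log-shaped pattern against a constructed copy of the log line.

```python
"""Check a fail2ban failregex against an Apache access-log line.

Added example for the thread above, not the poster's code. Two fail2ban 0.8
behaviours are emulated here as stated assumptions: <HOST> expands to a named
group, and the timestamp is removed from the line before failregex is applied
(which is why error-log filters start with an empty pair of square brackets).
"""
import re

# What fail2ban 0.8 substitutes for <HOST> (IPv4, IPv6 and hostnames).
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"
# Apache common-log timestamp, e.g. 14/Feb/2014:11:18:43 +0100
APACHE_DATE = re.compile(r"\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}")

# Constructed access-log line mirroring the one in the thread.
LOG_LINE = ('203.0.113.7 - - [14/Feb/2014:11:18:43 +0100] '
            '"GET /w00tw00t.at.ISC.SANS.DFind.test0 HTTP/1.1" 404 20621')

# The failregex from the thread: anchored on '[]', which in an access log is
# not at the start of the line, and with no <HOST> group to ban.
ORIGINAL_FAILREGEX = r"^\[\] *w00tw00t\.at\.ISC\.SANS\.DFind.*"
# An access-log-shaped pattern: client address first, then the request line.
PROPOSED_FAILREGEX = r'^<HOST> -.*"GET /w00tw00t\.at\.ISC\.SANS\.DFind'


def match_failregex(failregex, line):
    """Return (matched, host) as fail2ban would see it for this line."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    stripped = APACHE_DATE.sub("", line, count=1)   # timestamp removed, '[]' stays
    m = pattern.search(stripped)
    if not m:
        return (False, None)
    return (True, m.groupdict().get("host"))


if __name__ == "__main__":
    print("original:", match_failregex(ORIGINAL_FAILREGEX, LOG_LINE))
    print("proposed:", match_failregex(PROPOSED_FAILREGEX, LOG_LINE))
```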

Zentyal - SAMBA problem

Hello,

my problem is that with the latest Zentyal I experience the following: from time to time it drops the network drives out from under the users. What could be the cause?

They simply can't reach the drive, while from the other machine they can; a network error is ruled out, and probably because of this the documents get stuck in the open state...

has anyone run into this?

thanks!

[Solved] apache mod_security rule

Hi!

On CentOS 6.x I'd like to set up a mod_security rule in Apache.
I'd need to put a block into the /etc/httpd/modsecurity.d/activated_rules/myrules.conf file, but both of these are syntactically wrong:

SecRule REQUEST_URI "\w00tw00t\.at\.ISC\.SANS"


SecFilterSelective REQUEST_URI "\w00tw00t\.at\.ISC\.SANS"

What would be the correct syntax?
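The same block in ModSecurity 2.x syntax, added as an example and not taken from the thread: `SecFilterSelective` is ModSecurity 1.x syntax that 2.x does not accept, and a 2.x `SecRule` needs an action list with an `id` (mandatory since 2.7); the rule id below is a placeholder.

```apache
# Added example, not from the thread. With no operator prefix the second
# argument is a regular expression (@rx), so the leading "\w" in the thread's
# rule is the word-character class rather than a literal backslash; a plain
# "w" says what is meant. 900001 is a placeholder id; pick one outside the
# ranges used by your other rule sets.
SecRule REQUEST_URI "w00tw00t\.at\.ISC\.SANS" \
    "id:900001,phase:1,t:none,deny,status:403,log,msg:'w00tw00t scanner probe'"
```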